Graylog is a leading open source log management platform. It allows you to collect, index, and analyze logs from just about any source in a centralized location. In this guide, we will install all of the requirements (Graylog, Elasticsearch, MongoDB) on the same server; for larger production environments this may not be ideal.

Requirements

Graylog requires that you have the following packages installed.

Java ( >= 8 )

Elasticsearch (5.x or 6.x)

MongoDB (3.6 or 4.0)

CPU

If you’re running all components (Graylog, Elasticsearch, MongoDB) on a single machine, a reasonably modern multi-core CPU is recommended.

RAM

4 GB of main memory will do if you’re running all components (Graylog, Elasticsearch, MongoDB).

Installation

ssh admin@<your-server-ip>

Connect to your server as the admin user via SSH from Linux, or by using PuTTY from Windows.

sudo apt update && sudo apt upgrade -y

Update and upgrade the server.

sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen

Installing prerequisite packages

Installing MongoDB

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt update

Adding MongoDB Repository

sudo apt install -y mongodb-org

Installing MongoDB package

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service

Enable MongoDB Service

Installing Elasticsearch

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt update

Adding Elasticsearch Repository

sudo apt install elasticsearch-oss

Installing Elasticsearch package

sudo nano /etc/elasticsearch/elasticsearch.yml

Modify the Elasticsearch configuration file: set the cluster name to graylog and add action.auto_create_index: false to the configuration file.

cluster.name: graylog
action.auto_create_index: false

The file should look like this; press Ctrl + X to save in Nano.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

Enable and start Elasticsearch service

Installing GrayLog

wget https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.deb
sudo dpkg -i graylog-3.1-repository_latest.deb
sudo apt update

Adding GrayLog Repository

sudo apt install graylog-server

Installing GrayLog package


Optional: Installing GrayLog Plugins

sudo apt install graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins

Install all GrayLog plugins

pwgen -N 1 -s 96

Generate a secret, copy it, and set it as the value of “password_secret” in your /etc/graylog/server/server.conf.

echo -n "Enter Password: " && head -1
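The elasticsearch.yml edits and the password_secret step above can be scripted so that they are idempotent and can be tried on copies of the files before the live ones are touched. This is an added example, not code from the guide or from Graylog; the function names are assumptions, as is the root_password_sha2 key (the server.conf setting that holds the SHA-256 of the admin password, which this page does not name).

```shell
#!/bin/sh
# Added example (not part of the original guide): idempotent helpers for the
# config edits the guide makes by hand in nano. File paths are parameters so
# the functions can be tried on copies of the files before touching /etc.
# Assumes GNU/Linux coreutils (sha256sum, od) and a sed that accepts -E.

# set_kv FILE KEY SEP VALUE
# Rewrite an existing "KEY<SEP>VALUE" line (even a commented-out one) or
# append one if the key is absent, so a second run never duplicates keys.
set_kv() {
    file=$1; key=$2; sep=$3; value=$4
    case $sep in
        :) line="$key: $value" ;;       # YAML style (elasticsearch.yml)
        *) line="$key $sep $value" ;;   # "key = value" style (server.conf)
    esac
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')          # literal dots
    line_esc=$(printf '%s' "$line" | sed 's/[&|\\]/\\&/g')   # safe sed RHS
    if grep -Eq "^#?[[:space:]]*${key_re}[[:space:]]*${sep}" "$file"; then
        sed -E "s|^#?[[:space:]]*${key_re}[[:space:]]*${sep}.*|${line_esc}|" \
            "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s\n' "$line" >> "$file"
    fi
}

# The two elasticsearch.yml settings the guide asks for.
configure_elasticsearch() {           # $1 = path to elasticsearch.yml
    set_kv "$1" cluster.name : graylog
    set_kv "$1" action.auto_create_index : false
}

# 96 random hex characters, the same length the guide gets from pwgen.
gen_secret() {
    od -An -tx1 -N48 /dev/urandom | tr -d ' \n'
}

# SHA-256 of the admin password with no trailing newline, the form that
# root_password_sha2 in server.conf expects (assumed key, see lead-in).
sha256_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Write both values into server.conf ($1).
configure_graylog() {                 # $2 = password_secret, $3 = admin password
    set_kv "$1" password_secret = "$2"
    set_kv "$1" root_password_sha2 = "$(sha256_password "$3")"
}
```

Run configure_elasticsearch and configure_graylog against a copy of each file first and diff the result before applying it to /etc.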